To reduce exposure, limit the software’s threat surface. Limit the number of services exposed externally, use a firewall, and ensure that untrusted user input goes through a trusted and secured code path.

It’s hard to reduce all exploitability vectors since attacks only get better and future attack methods can’t be reliably predicted. Host-based intrusion protection such as SELinux, stack protection, and ASLR work reliably but take diligence and effort to ensure they are always enabled and kept up to date.

Finally, consider exposure when assigning vulnerability severity. Often a vulnerability has severe consequences but can be mitigated by disabling a service or feature. Calculate the CVSSv2 score for different scenarios and consider how best to mitigate a vulnerability.